mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-03-27 05:43:22 +00:00
* Add gpg_fingerprint lookup. * Work around problems on some CI targets. * Use get_bin_path to find the gpg executable. Document that we need it. * Improve and test error handling. * Refactor (potentially) common code to module_utils and plugin_utils. This will be useful to create a filter version of this, and further lookups, filters, and modules. * Do not create a keyring when there isn't one. * Fixups. * Fix description. * More fixes for lookup. * Also add a gpg_fingerprint filter. * Improve formulation. Co-authored-by: Sandra McCann <samccann@redhat.com> --------- Co-authored-by: Sandra McCann <samccann@redhat.com>
# -*- coding: utf-8 -*-
# Copyright (c) 2023, Felix Fontein <felix@fontein.de>
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import (absolute_import, division, print_function)
# Ansible Python 2/3 compatibility boilerplate: makes classes defined in this
# module new-style by default on Python 2.
__metaclass__ = type
import abc
import os
from ansible.module_utils import six
class GPGError(Exception):
    """Error raised by the GPG helpers in this module.

    Used for a missing input file and for gpg output from which no
    fingerprint can be extracted; ``GPGRunner.run_command`` is documented to
    raise it as well when running gpg fails.
    """
@six.add_metaclass(abc.ABCMeta)
class GPGRunner(object):
    """Abstract interface for invoking the ``gpg`` executable.

    Concrete runners implement ``run_command``; the fingerprint helpers in
    this module depend only on that one method.
    """

    @abc.abstractmethod
    def run_command(self, command, check_rc=True, data=None):
        """
        Execute ``[gpg] + command`` and return the tuple ``(rc, stdout, stderr)``.

        ``command`` is a list of gpg arguments. Implementations should hand
        the resulting argument list to the process API as-is rather than
        joining it into a shell string, because callers place file paths
        directly into this list.

        When ``data`` is not ``None`` it is fed to the process as stdin and
        is assumed to be a bytes string.

        The returned stdout and stderr are native Python strings.

        A return code other than 0 is only tolerated when ``check_rc=False``
        is passed.

        Errors are reported by raising ``GPGError``.
        """
def get_fingerprint_from_stdout(stdout):
    """Extract a key fingerprint from colon-delimited gpg output.

    Scans ``stdout`` line by line and returns the 10th colon-separated field
    of the first line that starts with ``fpr:``.

    Only that first ``fpr`` record is considered. If the output describes
    more than one key (or carries further ``fpr`` records, as gpg prints for
    subkeys), the remaining fingerprints are silently ignored, so callers
    that use the result for trust decisions should make sure the input holds
    exactly the key they expect.

    Raises ``GPGError`` when the first ``fpr`` line has no non-empty 10th
    field, or when no ``fpr`` line exists at all. Both messages embed the
    offending output verbatim.
    """
    for record in stdout.splitlines(False):
        if not record.startswith('fpr:'):
            continue
        fields = record.split(':')
        # Field index 9 (the 10th component) carries the fingerprint.
        fingerprint = fields[9] if len(fields) > 9 else ''
        if not fingerprint:
            raise GPGError('Result line "{line}" does not have fingerprint as 10th component'.format(line=record))
        return fingerprint
    raise GPGError('Cannot extract fingerprint from stdout "{stdout}"'.format(stdout=stdout))
def get_fingerprint_from_file(gpg_runner, path):
    """Return the fingerprint of the key stored in the file at ``path``.

    ``gpg_runner`` must provide ``run_command`` as described by
    ``GPGRunner``. gpg is invoked with ``--no-keyring`` and
    ``--import-options show-only``, so the key is only listed and nothing is
    written to a keyring.

    Raises ``GPGError`` if ``path`` does not exist; errors from running gpg
    or from parsing its output propagate from the runner and from
    ``get_fingerprint_from_stdout``.
    """
    # The existence check only yields a clearer error message; gpg opens the
    # file itself afterwards, so the file can still change or vanish between
    # the check and the read.
    if not os.path.exists(path):
        raise GPGError('{path} does not exist'.format(path=path))
    # NOTE(review): ``path`` is passed to gpg as a plain trailing argument;
    # confirm callers supply a normalized path that gpg cannot mistake for an
    # option.
    gpg_args = ['--no-keyring', '--with-colons', '--import-options', 'show-only', '--import', path]
    result = gpg_runner.run_command(gpg_args, check_rc=True)
    # Index 1 of the (rc, stdout, stderr) result is stdout.
    return get_fingerprint_from_stdout(result[1])
def get_fingerprint_from_bytes(gpg_runner, content):
    """Return the fingerprint of the key contained in ``content``.

    ``content`` is handed to the runner as stdin data (``GPGRunner``
    documents it as a bytes string) and gpg is told to read the key from
    ``/dev/stdin``, so the key material is not written to a temporary file
    by this function. As in ``get_fingerprint_from_file``, ``--no-keyring``
    and ``--import-options show-only`` make gpg list the key without storing
    it.

    Errors from running gpg or from parsing its output propagate as raised
    by the runner and by ``get_fingerprint_from_stdout``.
    """
    # NOTE(review): relies on the platform exposing /dev/stdin - confirm for
    # every supported target.
    gpg_args = ['--no-keyring', '--with-colons', '--import-options', 'show-only', '--import', '/dev/stdin']
    result = gpg_runner.run_command(gpg_args, data=content, check_rc=True)
    # Index 1 of the (rc, stdout, stderr) result is stdout.
    return get_fingerprint_from_stdout(result[1])